Read the following Scenario
You are appointed as an information technology (IT) security manager in the XYZ health care organization. This large, publically traded health care organization has 25 sites across the region with 2,000 staff members and thousands of patients. Sean, your manager, has asked you to analyze the current state of the corporation and then identify an appropriate IT security policy framework. He wants to know how you would approach this task. How you would analyze your organization and how you would select an appropriate security policy framework?